IT security practices have always been dominated by trust, often myopically. Specialized applications are still deployed with the assumption that end users, be they customers, contractors, or employees, would not attempt to abuse that trust.
Richard Stiennon delivers a timely, succinct exploration of cyber threats, hack attacks, crime on the web, and information warfare.
I have UTM on my mind. As I travel through Asia these two weeks, I am meeting with journalists, analysts, and large telecom providers, and they all want to debate UTM (Unified Threat Management).
I have written and pontificated often enough on the dangers of trusted employees. One of the biggest shifts underway in the threatscape is due to the increased value of personal identity information and the emergence of markets for that information.
I am gaining interesting insights into differences in technology adoption as I travel to various parts of the world. Today I am in Beijing where I have met with customers, prospects, analysts, and journalists.
I am attending the IT Security Summit 2007 here in Johannesburg this week. It’s a busy week for conferences with Interop in Vegas and AusCERT in session in Australia.
Lawmakers in Washington introduced a bill Monday called the "Cyber-Security Enhancement Act of 2007". Brian Krebs gives it good coverage.
Just as the term "cyber terrorism" gets linguists all riled up, "information warfare" is sure to elicit the wrath of security pundits and bloggers alike. While I will be the first to acknowledge that cyber terrorism is a problematic term (no loss of life or limb from shutting down an Internet service), I do ask what do you call it when terrorist organizations engage in hacking and cyber crime?
All right, I'll be the first to admit it - Websense acquiring a competitor, SurfControl, is indeed industry consolidation. The news broke last week and, as could be expected, it was labeled "security sector consolidation".
The use of images to assure a user that they are not being phished has started to become common. Yahoo!
Remember Stiennon's first law of network security? It is: Thou shalt not trust an end point to report its own state.
I was prepared to be extra skeptical yesterday, April 1. I was waiting for the "Microsoft purchases Department of Homeland Security" announcements.
Oracle's suit against SAP for hacking its customer portal is revealing but not shocking. As Rothman points out in the Daily Incite, everybody is doing it.
The TJX data breach story keeps growing. I hope everyone can tell the difference between a false alarm data breach like the laptop theft at the VA that got so much attention and the Card Systems International breach and now the TJX incident.
The world of CI (competitive intelligence) spans the spectrum from analytical data gathering to seamy shoulder surfing and of course the use of custom Trojan horses. This article in Forbes describes how you can get insight into a company's future product plans by researching their job postings.
You can just scroll down this page to see my predictions for 2007. Pay particular attention to number 8.